
Commit b0bd57b

committed
Improve messaging during chopchop & fragment attacks
Bugfix when chopchop fails. Displays aircrack's error message when chopchop fails. For improving WEP attacks in #27
1 parent d8da679 commit b0bd57b


3 files changed

+77
-13
lines changed


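--- a/wifite/attack/wep.py
+++ b/wifite/attack/wep.py
@@ -85,6 +85,10 @@ def run(self):
 
 while True:
 airodump_target = self.wait_for_target(airodump)
+
+if client_mac is None and len(airodump_target.clients) > 0:
+client_mac = airodump_target.clients[0].station
+
 status = "%d/{C}%d{W} IVs" % (airodump_target.ivs, Configuration.wep_crack_at_ivs)
 if fakeauth_proc:
 if fakeauth_proc and fakeauth_proc.status:
@@ -154,7 +158,7 @@ def run(self):
 # If .xor is not there, the process failed.
 Color.pl('\n{!} {O}%s attack{R} did not generate a .xor file' % attack_name)
 # XXX: For debugging
-Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
+Color.pl('{?} {O}Command: {R}%s{W}' % " ".join(aireplay.cmd))
 Color.pl('{?} {O}Output:\n{R}%s{W}' % aireplay.get_output())
 break
 
@@ -179,8 +183,8 @@ def run(self):
 break
 else:
 Color.pl('\n{!} {O}aireplay-ng exited unexpectedly{W}')
-Color.pl('{?} {O}Command: {R}%s{W}' % aireplay.cmd)
-Color.pl('{?} {O}Output:\n%s{W}' % aireplay.get_output())
+Color.pl('{?} {O}Command: {R}%s{W}' % " ".join(aireplay.cmd))
+Color.pl('{?} {O}Output:\n{R}%s{W}' % aireplay.get_output())
 break # Continue to other attacks
 
 # Check if IVs stopped flowing (same for > N seconds)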
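Review bot: The client fallback added at new lines 89-90 carries no comment, and the same `clients[0]` selection also exists in `get_aireplay_command` in wifite/tools/aireplay.py, so a reader cannot tell why it is repeated inside the loop. A short comment above the `if`, such as `# No client given: use the first client airodump reports for this target`, would make the intent clear. As far as this hunk shows, `client_mac` is not re-checked on later iterations once it is set; run()'s body starts and ends outside the hunk, so that may be handled elsewhere.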

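--- a/wifite/tools/aireplay.py
+++ b/wifite/tools/aireplay.py
@@ -90,17 +90,25 @@ def stop(self):
 
 def get_output(self):
 ''' Returns stdout from aireplay process '''
-return self.pid.stdout()
+return self.stdout
 
 def run(self):
+self.stdout = ''
+self.xor_percent = '0%'
 while self.pid.poll() is None:
 time.sleep(0.1)
 if not os.path.exists(self.output_file): continue
 # Read output file & clear output file
 with open(self.output_file, "r+") as fid:
 lines = fid.read()
+self.stdout += lines
 fid.seek(0)
 fid.truncate()
+
+if Configuration.verbose > 1 and lines.strip() != '':
+from ..util.color import Color
+Color.pl('\n{P} [?] aireplay output:\n %s{W}' % lines.strip().replace('\n', '\n '))
+
 for line in lines.split("\n"):
 line = line.replace("\r", "").strip()
 if line == "": continue
@@ -124,33 +132,85 @@ def run(self):
 self.status = True
 elif self.attack_type == WEPAttackType.chopchop:
 # Look for chopchop status. Potential output lines:
+
 # (START) Read 178 packets...
 read_re = re.compile(r"Read (\d+) packets")
 matches = read_re.match(line)
 if matches:
 self.status = "Waiting for packet (read %s)..." % matches.group(1)
+
+# Sent 1912 packets, current guess: 70...
+sent_re = re.compile(r"Sent (\d+) packets, current guess: (\w+)...")
+matches = sent_re.match(line)
+if matches:
+self.status = "Generating .xor (%s)... current guess: %s" % (self.xor_percent, matches.group(2))
+
 # (DURING) Offset 52 (54% done) | xor = DE | pt = E0 | 152 frames written in 2782ms
 offset_re = re.compile(r"Offset.*\(\s*(\d+%) done\)")
 matches = offset_re.match(line)
 if matches:
-self.status = "Generating Xor (%s)" % matches.group(1)
+self.xor_percent = matches.group(1)
+self.status = "Generating .xor (%s)..." % matches.group(1)
+
 # (DONE) Saving keystream in replay_dec-0516-202246.xor
 saving_re = re.compile(r"Saving keystream in (.*\.xor)")
 matches = saving_re.match(line)
 if matches:
 self.status = matches.group(1)
-pass
+
+# (ERROR) fakeauth required
+if 'try running aireplay-ng in authenticated mode' in line:
+self.status = 'fakeauth is required and you are not authenticated'
+
 elif self.attack_type == WEPAttackType.fragment:
-# TODO: Parse fragment output, update self.status
+# Parse fragment output, update self.status
+
+# (START) Read 178 packets...
+read_re = re.compile(r"Read (\d+) packets")
+matches = read_re.match(line)
+if matches:
+self.status = "Waiting for packet (read %s)..." % matches.group(1)
+
 # 01:08:15 Waiting for a data packet...
+if 'Waiting for a data packet' in line:
+self.status = 'waiting for packet'
+
+# Read 207 packets...
+trying_re = re.compile(r"Trying to get (\d+) bytes of a keystream")
+matches = trying_re.match(line)
+if matches:
+self.status = 'trying to get %sb of a keystream' % matches.group(1)
+
 # 01:08:17 Sending fragmented packet
+if 'Sending fragmented packet' in line:
+self.status = 'sending packet'
+
 # 01:08:37 Still nothing, trying another packet...
+if 'Still nothing, trying another packet' in line:
+self.status = 'sending another packet'
+
 # XX:XX:XX Trying to get 1500 bytes of a keystream
+trying_re = re.compile(r"Trying to get (\d+) bytes of a keystream")
+matches = trying_re.match(line)
+if matches:
+self.status = 'trying to get %sb of a keystream' % matches.group(1)
+
 # XX:XX:XX Got RELAYED packet!!
+if 'Got RELAYED packet' in line:
+self.status = 'got relayed packet'
+
 # XX:XX:XX Thats our ARP packet!
+if 'Thats our ARP packet' in line:
+self.status = 'relayed packet was our'
+
 # XX:XX:XX Saving keystream in fragment-0124-161129.xor
+saving_re = re.compile(r"Saving keystream in (.*\.xor)")
+matches = saving_re.match(line)
+if matches:
+self.status = 'saving keystream to %s' % saving_re.group(1)
+
 # XX:XX:XX Now you can build a packet with packetforge-ng out of that 1500 bytes keystream
-pass
+
 else: # Replay, forged replay, etc.
 # Parse Packets Sent & PacketsPerSecond. Possible output lines:
 # Read 55 packets (got 0 ARP requests and 0 ACKs), sent 0 packets...(0 pps)
@@ -188,7 +248,7 @@ def get_aireplay_command(target, attack_type,
 cmd = ["aireplay-ng"]
 cmd.append("--ignore-negative-one")
 
-if not client_mac and len(target.clients) > 0:
+if client_mac is None and len(target.clients) > 0:
 # Client MAC wasn't specified, but there's an associated client. Use that.
 client_mac = target.clients[0].station
 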
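Review bot: In the fragment branch, new line 210 calls `.group(1)` on the compiled pattern `saving_re` instead of on the match object, so the first matching line would raise AttributeError inside run(); it should read `self.status = 'saving keystream to %s' % matches.group(1)`. The bug may be hidden for now, because the fragment comments show output lines prefixed with a timestamp (`XX:XX:XX Saving keystream in ...`) and `re.match` anchors at the start of the line; if the real output carries that prefix, `trying_re.match` and `saving_re.match` never match and `.search` is needed. The `trying_re` block at new lines 178-182 sits under a `# Read 207 packets...` comment and duplicates the one at 193-196, so one of them can go. run()'s body starts and ends outside the hunk.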

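--- a/wifite/util/process.py
+++ b/wifite/util/process.py
@@ -36,9 +36,9 @@ def call(command, cwd=None, shell=False):
 pid.wait()
 (stdout, stderr) = pid.communicate()
 
-if Configuration.verbose > 1 and stdout.strip() != '':
+if Configuration.verbose > 1 and stdout is not None and stdout.strip() != '':
 Color.pe("{P} [stdout] %s{W}" % '\n [stdout] '.join(stdout.strip().split('\n')))
-if Configuration.verbose > 1 and stderr.strip() != '':
+if Configuration.verbose > 1 and stderr is not None and stderr.strip() != '':
 Color.pe("{P} [stderr] %s{W}" % '\n [stderr] '.join(stderr.strip().split('\n')))
 
 return (stdout, stderr)
@@ -91,14 +91,14 @@ def __del__(self):
 def stdout(self):
 ''' Waits for process to finish, returns stdout output '''
 self.get_output()
-if Configuration.verbose > 1 and self.out.strip() != '':
+if Configuration.verbose > 1 and self.out is not None and self.out.strip() != '':
 Color.pe("{P} [stdout] %s{W}" % '\n [stdout] '.join(self.out.strip().split('\n')))
 return self.out
 
 def stderr(self):
 ''' Waits for process to finish, returns stderr output '''
 self.get_output()
-if Configuration.verbose > 1 and self.err.strip() != '':
+if Configuration.verbose > 1 and self.err is not None and self.err.strip() != '':
 Color.pe("{P} [stderr] %s{W}" % '\n [stderr] '.join(self.err.strip().split('\n')))
 return self.err
 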
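Review bot: The new `is not None` guards protect only the verbose logging. `call()` still returns `(stdout, stderr)` and `stdout()`/`stderr()` still return `self.out`/`self.err` unchanged, so a caller that runs `.strip()` or `.split()` on the result would fail on None in the same way. If None can occur here, normalising once before the logging and the return, e.g. `stdout = stdout or ''`, would cover both paths and replace the four repeated checks. Whether any caller relies on receiving None is not visible in these hunks, and `call()` starts outside the first one.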
